C++: Insert int-to-bool conversions at 'NotExpr's.

MathiasVP · MathiasVP · commit da20bb8cb602 · 2024-11-19T11:21:00.000Z
diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/InstructionTag.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/InstructionTag.qll
@@ -51,6 +51,9 @@ newtype TInstructionTag =
   ConditionValueResultLoadTag() or
   BoolConversionConstantTag() or
   BoolConversionCompareTag() or
+  NotExprNotTag() or
+  NotExprConstantTag() or
+  NotExprCompareTag() or
   ResultCopyTag() or
   LoadTag() or // Implicit load due to lvalue-to-rvalue conversion
   CatchTag() or
@@ -193,6 +196,12 @@ string getInstructionTagId(TInstructionTag tag) {
   or
   tag = BoolConversionCompareTag() and result = "BoolConvComp"
   or
+  tag = NotExprNotTag() and result = "NotExprWithBoolConversionNot"
+  or
+  tag = NotExprConstantTag() and result = "NotExprWithBoolConversionConstant"
+  or
+  tag = NotExprCompareTag() and result = "NotExprWithBoolConversionCompare"
+  or
   tag = ResultCopyTag() and result = "ResultCopy"
   or
   tag = LoadTag() and result = "Load" // Implicit load due to lvalue-to-rvalue conversion
diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedExpr.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedExpr.qll
@@ -1325,46 +1325,85 @@ class TranslatedNotExpr extends TranslatedNonConstantExpr {
 
   override Type getExprType() { result instanceof BoolType }
 
+  private Type getOperandType() { result = this.getOperand().getExprType() }
+
   final override Instruction getFirstInstruction(EdgeKind kind) {
     result = this.getOperand().getFirstInstruction(kind)
   }
 
   override Instruction getALastInstructionInternal() {
-    result = this.getInstruction(OnlyInstructionTag())
+    result = this.getInstruction(NotExprNotTag())
   }
 
   final override TranslatedElement getChildInternal(int id) {
     id = 0 and result = this.getOperand()
   }
 
   override predicate hasInstruction(Opcode opcode, InstructionTag tag, CppType resultType) {
-    tag = OnlyInstructionTag() and
+    not this.getOperandType() instanceof BoolType and
+    (
+      tag = NotExprConstantTag() and
+      opcode instanceof Opcode::Constant and
+      resultType = getIntType()
+      or
+      tag = NotExprCompareTag() and
+      opcode instanceof Opcode::CompareNE and
+      resultType = getBoolType()
+    )
+    or
+    tag = NotExprNotTag() and
     opcode instanceof Opcode::LogicalNot and
     resultType = getBoolType()
   }
 
   final override Instruction getInstructionSuccessorInternal(InstructionTag tag, EdgeKind kind) {
-    tag = OnlyInstructionTag() and
+    tag = NotExprConstantTag() and
+    result = this.getInstruction(NotExprCompareTag()) and
+    kind instanceof GotoEdge
+    or
+    tag = NotExprCompareTag() and
+    result = this.getInstruction(NotExprNotTag()) and
+    kind instanceof GotoEdge
+    or
+    tag = NotExprNotTag() and
     result = this.getParent().getChildSuccessor(this, kind)
   }
 
   final override Instruction getChildSuccessorInternal(TranslatedElement child, EdgeKind kind) {
     child = this.getOperand() and
     kind instanceof GotoEdge and
-    result = this.getInstruction(OnlyInstructionTag())
+    if this.getOperandType() instanceof BoolType
+    then result = this.getInstruction(NotExprNotTag())
+    else result = this.getInstruction(NotExprConstantTag())
   }
 
   final override Instruction getInstructionRegisterOperand(InstructionTag tag, OperandTag operandTag) {
-    tag = OnlyInstructionTag() and
+    tag = NotExprNotTag() and
     operandTag instanceof UnaryOperandTag and
-    result = this.getOperand().getResult()
+    if this.getOperandType() instanceof BoolType
+    then result = this.getOperand().getResult()
+    else result = this.getInstruction(NotExprCompareTag())
+    or
+    tag = NotExprCompareTag() and
+    (
+      result = this.getOperand().getResult() and
+      operandTag instanceof LeftOperandTag
+      or
+      result = this.getInstruction(NotExprConstantTag()) and
+      operandTag instanceof RightOperandTag
+    )
   }
 
   private TranslatedExpr getOperand() {
     result = getTranslatedExpr(expr.getOperand().getFullyConverted())
   }
 
-  final override Instruction getResult() { result = this.getInstruction(OnlyInstructionTag()) }
+  final override Instruction getResult() { result = this.getInstruction(NotExprNotTag()) }
+
+  override string getInstructionConstantValue(InstructionTag tag) {
+    tag = NotExprConstantTag() and
+    result = "0"
+  }
 }
 
 /**
